package tjs.study.antlr.splunkToMysql.v2;

import org.antlr.v4.runtime.CharStream;
import org.antlr.v4.runtime.CharStreams;
import org.antlr.v4.runtime.CommonTokenStream;
import org.antlr.v4.runtime.tree.ParseTree;
import tjs.study.antlr.splunkToMysql.v2.g4.*;

import java.util.List;

public class Do {
    /**
     * eventtype=hids_access_log_per5min
     * | table src_ip agent_ip host_name uname count
     * | lookup ris_src_whitelist2023 ip AS src_ip output explain AS whitelistStatus
     * | lookup ris_dev_list202302 ip AS agent_ip output status
     * | fillnull value="SRC_NOT_RIS" whitelistStatus
     * | search src_ip=10.10.* OR src_ip=10.172.* OR src_ip=10.173.*
     * | where whitelistStatus！＝“堡垒机” AND status="活动”
     * | stats count by src_ip
     *
     * @param args
     * @throws Exception
     */
    public static void main(String[] args) throws Exception {
        // 输入的Splunk语句
        String splunkQuery = 
                "index mainAlias=hids_access_log_per5min\n"
                + "| table _time, src_ip, agent_ip, host_name, uname, count\n"
                + "| lookup ris_dev_list202302 ip AS agent_ip, output, explain AS whitelistStatus\n"
                + "| fillnull value='SRC_NOT_RIS' whitelistStatus\n"
                + "| search cmdbId='host_1' AND src_ip='192.12.*'\n" 
                + "| stats count by src_ip" 
                ;
        System.out.println("splunkSql:\n" + splunkQuery);

        // 创建输入流
        CharStream input = CharStreams.fromString(splunkQuery);
        // 创建词法分析器
        SplunkToMysqlLexer lexer = new SplunkToMysqlLexer(input); CommonTokenStream tokens = new CommonTokenStream(lexer);
        // 创建解析器
        SplunkToMysqlParser parser = new SplunkToMysqlParser(tokens); ParseTree tree = parser.query();
        // 自定义的转换器
        SplunkToMySQLConverter converter = new SplunkToMySQLConverter();
        String mysqlQuery = converter.visit(tree);
        // 输出转换后的MySQL语句
        System.out.println("\n\nclickhouseSql:\n" + mysqlQuery);
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
        
    }
    
    
    
    
    
    
    
    
    
    
    
    
    
    
}

